From owner-freebsd-questions Mon Aug 18 23:58:34 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA16337 for questions-outgoing; Mon, 18 Aug 1997 23:58:34 -0700 (PDT)
Received: from ot.stpn.soft.net (freebie.opentech.stpn.soft.net [204.143.126.74]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id XAA16327 for ; Mon, 18 Aug 1997 23:58:28 -0700 (PDT)
Received: from andes (andes.opentech.stpn.soft.net [204.143.126.66]) by ot.stpn.soft.net (8.6.12/8.6.12) with ESMTP id MAA13677; Tue, 19 Aug 1997 12:30:26 +0530
Message-ID: <33F9D6F7.50250F02@opentech.stpn.soft.net>
Date: Tue, 19 Aug 1997 12:25:11 -0500
From: Prashant Dongre
Reply-To: pdongre@opentech.stpn.soft.net
Organization: Open Technologies
X-Mailer: Mozilla 4.01 [en] (WinNT; I)
MIME-Version: 1.0
To: Jerry Kelley
CC: sthaug@nethelp.no, freebsd-questions@FreeBSD.ORG
Subject: Re: sendmail on a firewall box
X-Priority: 3 (Normal)
References: <33F7C9E9.167EB0E7@iquest.net> <3599.871884758@verdi.nethelp.no> <33F85122.41C67EA6@iquest.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Jerry Kelley wrote:

> sthaug@nethelp.no wrote:
> >
> > > I just want one box that provides the services to my small LAN. I want
> > > that box to be the mail host for my company and also provide a
> > > firewall/proxy service.
> >
> > Sounds like you should buy a Whistle Interjet :-) (www.whistle.com)
>
> Yeah, well, the ISPs around here haven't even heard of the Interjet.
> Besides, it's not that economical. I can build a FreeBSD box and
> configure it for much less money!
>
> >
> > Anyway, given sendmail's past history I'd feel very uncomfortable with
> > sendmail in any sort of security-related function. Why don't you look
> > at qmail (www.qmail.org) instead? This was written with security in
> > mind.
>
> Thanks for the tip. I'll look into it. It's interesting how some will
> say that it's OK to run sendmail on the firewall box and others will
> cringe at it!
>
> >
> > I hope by "Internet access point" you don't mean for users to actually
> > login to the firewall box? This is generally considered a bad idea.
>
> No. The box will be dedicated to providing Interjet-like services for
> my LAN. It will not be used by any users other than the administrator
> for administration.

I am doing the same thing that you are planning to do (for the last two
years...). But I have made a little change: I have my firewall on one
FreeBSD box and mail on another FreeBSD box. The Firewall FreeBSD doubles
up as my secondary mail server as well as HTTP proxy server. On all these
boxes the login shells have been disabled and users access only through
the POP server. I am quite happy with this setup and keep my other FreeBSD
box as a hot standby in case the mail router/Firewall crashes.

I need to look at 'Whistle' though; let me know if you find that
interesting.

Prashant.